WifiRttScanX is useful for surveying a location to discover the properties of Wi-Fi access points — particularly the extent to which they support range measurements.
WifiRttScanX can be used to estimate the offset in range measurements — knowledge of which can make indoor localization more accurate (when, for example, using FTMRTT ).
WifiRttScanX is an Android app for ranging to Wi-Fi access points (APs) — based on:
WifiRttScanX also allows:
Listed are SSID, BSSID (Mac address), signal strength (in dBm), frequency (in MHz) (*), Wi-Fi standard (11n, 11ac, 11ax, or 11be), and a FTM RTT indicator.
The FTM RTT indicator is a character indicating the level of support for range measurements:
@ |
for APs that responded and advertised their ability to do
so in the beacon frame — such as the original Google Wi-Fi, Nest Wi-Fi, Nest Wi-Fi Pro, Compulab WILD, Aruba 500 series, Aruba 600 series, Aruba 700 series, etc.; |
|
a |
for APs that advertised their ability to respond to FTM RTT
requests, but then did not
actually respond (possibly because of low signal strength); | |
* |
for APs that did respond to FTM RTT requests but
do not advertise this capability — such as Linksys Velop, Netgear Orbi, ASUS RT-ACRH13, Eero Pro, Eero Max 7, etc. (shown only if “Two-sided” is checked in the “More menu”) (†); |
|
# |
for APs that respond to “one-sided” FTM RTT
requests (shown only if “Two-sided” is not checked); |
|
blank |
for APs that did not respond to FTM RTT
requests — most likely because they do not support
the protocol — but could also be because of low signal strength. |
|
c | A second letter is used to indicate support for 802.11az. |
There can be more BSSIDs than fit on one screen, in which case, drag the view up to see the rest.
The results of individual Wi-Fi scans are recorded in files with names starting with wifi-scan- (provided “Record Wi-Fi scans” is checked in the menu);
Entries in the 2.4 GHz band are listed first, followed by those in the 5 GHz band, finally those in the 6 GHz band.
Within each group entries may be sorted by RSSI.
The sorting order can be changed from the
“More Menu” (⋮).
(*) Note: the frequency shown is the primary 20 MHz wide channel over which
the client is communicating with the AP —
not the center frequency of the channel used for FTM RTT,
which may be 80 MHz or wider
(see details in article on
WLAN
channels).
(†) For more details about AP support for FTM RTT, see Which Wi-Fi APs support FTM RTT (IEEE 802.11mc)?
Two parameters control this ranging process:
The “Range-mean”, “RangeSD-mean”,
“RSSI-mean”, “Time-mean” are
block averages of the raw data.
Click “Reset Ranging” to clear out the history and restart the averaging process.
Suggestion: To obtain the best result, you may want to move the phone around a bit (by a few centimeters) in order to try and "average out" the position dependent error.
Location: The AP latitude, longitude and altitude fields will be populated if the AP provides this information (in the LCI field of the FTM RTT response):
At each stage, one of the three buttons is highlighted (in blue) to suggest what might be the best next action (although other buttons are not disabled).
The “Overall Offset” field shows the difference between the average estimated range
and the average true range.
This is an estimate of the offset or bias
of ranging measurements made by this combination of cell phone and AP.
It can be used later to correct FTM RTT measurements
(NOTE: FTMRTT requires an offset that is to be subtracted from the measured distance which is what WifiRttScanX produces).
WifiRttScanX also shows the offset and slope of a straight line fit. The expected value of the slope is, of course, one.
WifiRttSxanX discards a small fraction of the highest and the
lowest ranging results
in order to suppress the effect of inevitable outliers.
Here you can select the starting value (default 0.5 m) and increment (default 0.5 m) for the true range, the RTT burst size, the time before ranging for a particular distance will be stopped (“Timer interval”), and the file name prefix for the log files.
The offset depends somewhat on the properties of the radios at the ends of the
Wi-Fi links, that is, the ones in the UE (phone) and the AP (access point).
Knowing the offset can improve the accuracy of indoor localization performed by the
FTMRTT app.
The accuracy of distance estimates can be improved if the offset is measured and
subtracted from the value returned by RTT.
In some favorable cases the offset is smaller than a meter, and can be ignored
(e.g. Google Pixel 5 phone with respect to the original Google Wi-Fi AP).
However, for some combinations of phones and APs it may be
5 meter or more (positive or negative), in which case it is important to remove it.
Significantly, averaging many measurements taken in a fixed position is not very helpful because of the position dependent error.
What does work well is to make measurements at several different, but
known distances, and average the offsets —
(or, equivalently, take the difference between the overall average of the estimated
ranges and the overall average of the true ranges).
The following is a sequence of steps for offset calibration using WifiRttScanX:
Close the file and share it, if desired, by clicking “Share Log File”. Use the back arrow to return to the Ranging Activity.
As mentioned above, WifiRttSxanX discards a small fraction of the highest and the lowest ranging results in order to suppress the effect of inevitable outliers (and it takes this into account when estimating the RMS error).
Some sample offsets for two-sided RTT for various APs may be found in
FTM_RTT_two_sided_offsets.txt
(Note: these are somewhat outdated results, since firmware updates have
been improving FTM RTT accuracy in APs).
Some sample offsets for one-sided RTT for various APs may be found in
FTM_RTT_one_sided_offsets.txt
For this to work, certain permissions and default settings may be needed:
On the phone, in “Settings > System > Advanced”
select “Developer Options”.
Then, under “Debugging", enable “USB debugging”.
Further, under “Networking", click “Default USB configuration” and select “File transfer /
Android Auto"
(Exact details depend on which version of Android is installed on the phone);
Since Android 10 it has become easy to override this:
just disable “Wi-Fi scan throttling” from the
“Developer Options” menu
(assuming you have
enabled Developer Options).
This way it is possible to scan about every 3 to 5 seconds on most phones (longer on phones supporting the 6 GHz band as well).
On the Logging Activity Screen, the buttons can be activated using “key codes”.
These can, for example, be provided using the Android Debug Bridge (ADB):
adb shell input keyevent <keycode>
When you first open the installed app you will get a Permission Activity Screen since Wi-Fi RTT Ranging requires “Fine Location” permission.
You may also need to turn on “Location” in “Settings”.
If you already have one version of the app installed, then it may
happen that a new version cannot be installed on top of it
(perhaps because of a change in name or file “signature”).
In that case, simply uninstall the old version first.
Details: if you are downloading in some browser, like FireFox or
Chrome, you have to give it permission to install. From
Settings > Apps > Special app access > Install unknown apps.
Then click on the browser you use, and, finally, slide the
Allow from this source slider.
Alternatively, if you have AndroidStudio (or just its command-line tools) you can
use the Android Debug Bridge (ADB) with your phone connected via
USB cable:
adb install WifiRttScanX.apk
You may need to use the -t and -r command line flags:
adb install -t -r WifiRttScanX.apk
(or perhaps even adb install -r -t -d -g WifiRttScanX.apk).